[adp-3489] External signing and derivation lib

[paweljakubas]

Library is expected to be able to
(a) derive all relevant keys with respect to account key
(b) sign cbor with the specified key
(c) be emulation of hardware wallet in a sense that adding the hardware support should fit to the current software emulation of it

• Library structure
• Adding derivation keys logic
• Adding golden testing (against cardano-addresses) plus property testing for derivation
• Adding cli for derivation keys

$ cabal run signing -- derive
Deliver payment credential related keys: public key, with and without chain
code, the respective public key hash aka verification key hash and the
corresponding extended and signing private keys

Usage: signing derive --index INT

  Derive payment public/signing keys of account public key for a given index

Available options:
  -h,--help                Show this help text
  --index INT              Valid index of payment credential, must be between 0
                           and 2147483647.

The extended account private key is read from stdin and credential payment index is taken as an argument. External role is assumed, ie. 0.
Meaning when one requests credential payment index 3, then relative derivation path on top of account derivation node is 0/3.

Example:
  $ cat acct.xsk
    acct_xsk1mqqrxjztq35xkjzvx8lw730xnxf8lyrgd8fmtrk588fetal8wfvc37fnv7udef5uuktx7lxw3c3msnjmma20k823vy4z9qmclj4352uzq8r72xw2d77l9jafnzr4zjpl9jk7xkeewwq90nweh4q95rd5cud5269p
  $ signing derive --index 0 <<< $(cat acct.xsk)
    xprv: 600d9fc48ef9c6249a6d8190762bdad8439a2c2d13cdd1661878023a06e8725993e19505261ca08fa403d91c975d6e842164fc0614fabbeb998bcb1f71001e07ff273a153a3905108dbb490112d4e3740ec5a3d206423188523bee1c0e8a2c17
    prv: 600d9fc48ef9c6249a6d8190762bdad8439a2c2d13cdd1661878023a06e8725993e19505261ca08fa403d91c975d6e842164fc0614fabbeb998bcb1f71001e07
    xpub: cc1c6c947f4245d297a7fe9f34bffe08fb6f25322057cc3eb87556fdbca5eaa9ff273a153a3905108dbb490112d4e3740ec5a3d206423188523bee1c0e8a2c17
    pub: cc1c6c947f4245d297a7fe9f34bffe08fb6f25322057cc3eb87556fdbca5eaa9
    vkh: c8f945808fa4e5e7fa8fdf8f30f2363123c058415825707b26ca9406

• [ ] Adding signing logic
• Adding signing testing
• Adding signing cli
• Adding cli testing
• Adding docs

Comments

Issue Number

adp-3489

[abailly]

@paweljakubas In https://cardanofoundation.atlassian.net/browse/ADP-3489 we said we wanted to use external tools to sign transactions, eg. take the output of the deposit wallet and use a combination of Cardano-address and Cardano-cli, for example, to produce and submit a signed transaction.

It seems you have been recreating a complete tool, or am I misunderstanding something?

[paweljakubas]

indeed, it is going to sign tx. In details, having:

• cbor of tx
• accXPrv
• ix of key with derivation path, ie. 0/ix

it will produce

• cbor of tx with witness added
  the cbor is going to be ready to be submitted (provided the cbor is not partially signed byt fully signed).
  Derivation key part is just part one of this task. Task two is using the derived keys and cardano-api to produce cbor.
  Basically, what hardware wallet is going to do (modulo in hardware wallet case we will call it with accXPub)

Also, I would argue the lib should not be responsible for submitting cbor.